Podtranscript
Log out

La French Connection: Episode 0x168 (Hebdo) - 19 Décembre 2020

Hackfest Communication Hackfest Communication 12/30/20 - Episode Page

19 Décembre 2020





Shameless plug


Février 2021 - Séminaire de Sherbrooke - Cybersécurité en entreprise
Revoyez Hackfest Holiday Event + CTF via le BBS de StackFault
URL formulaire village santé mentale
QuebecSec à venir: 2e table ronde & phishing workshop/talks


Shownotes and Links


SolarWinds

https://www.solarwinds.com/-/media/solarwinds/swdcv2/landing-pages/trust-center/resources/secure-configuration-in-the-orion-platform.ashx
https://support.solarwinds.com/SuccessCenter/s/article/Files-and-directories-to-exclude-from-antivirus-scanning-for-Orion-Platform-products?language=en_US
https://newsla.localad.com/2020/12/15/breaking-pentagon-imposes-emergency-shutdown-of-its-secret-internet-protocol-router-network-handles-classified-information-up-to-the-secret-level/
http://d18rn0p25nwr6d.cloudfront.net/CIK-0001739942/57108215-4458-4dd8-a5bf-55bd5e34d451.pdf
https://twitter.com/Rothbard1776/status/1338626722321879045
https://github.com/fireeye/sunburst_countermeasures
https://www.sans.org/webcasts/emergency-webcast-about-solarwinds-supply-chain-attack-118015
https://msrc-blog.microsoft.com/2020/12/13/customer-guidance-on-recent-nation-state-cyber-attacks/
https://dev.to/k0p1/update-fireeye-hacked-red-team-tools-leaked-8c1
https://mobile.twitter.com/lordx64/status/1338526166051934213
https://versprite.com/blog/security-research/exploitation-of-remote-services/
https://cyber.dhs.gov/ed/21-01/#cisa-actions
https://www.fireeye.com/blog/threat-research/2020/12/evasive-attacker-leverages-solarwinds-supply-chain-compromises-with-sunburst-backdoor.html
https://www.sans.org/webcasts/emergency-webcast-about-solarwinds-supply-chain-attack-118015
https://www.solarwinds.com/securityadvisory
https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=Behavior:Win32/Solorigate.C!dha&ThreatID=2147771132
https://twitter.com/KyleHanslovan/status/1338851535342727168?s=19
https://arstechnica.com/information-technology/2020/12/solarwinds-hackers-have-a-clever-way-to-bypass-multi-factor-authentication/#p3
https://malicious.link/post/2020/solarflare-release-password-dumper-for-solarwinds-orion/


Protégez-vous fuite de 330 000 clients
Beneva - Pas de mal?
Promutuel Assurance - toujours down.
Gouvernement Quebec down
[Fuite de données : Desjardins connaissait sa vulnérabilité mais n’a rien fait]
Le SCRS pourrait avoir violé la loi
Pornhub suspends over 10 million videos to eradicate illegal content
Les services intelligents d’Hydro connaissent déjà des ratés

12 Oct 2020 - [QC ONLY] $440 Hydro-Quebec Hilo smart hub & 6x Zigbee thermostat with free install, save $ during peak usage events

https://forums.redflagdeals.com/qc-only-440-hydro-quebec-hilo-smart-hub-6x-zigbee-thermostat-free-install-save-during-peak-usage-events-2408287/
https://www.hiloenergie.com/en-ca/legal/application-privacy-policy/




Ministre Fitzgibbon impliqué avec Hikvision
Chronique/Opinion littéraire - C’est arrivé la nuit de Marc Levy
SolarWinds: Un véritable conte de Noël :

Noel Passé: Comment la Chine aurait infiltré l’approvisionnement en serveurs de Dell, Apple, Amazon, etc
Noel Présent: Comment Microsoft commente l’affaire SolarWinds
Noel Futur: Comment Microsoft gère les vulnérabilités XSS/RCE persistantes dans Teams


Cyberattaques Air canada
L’état de la R&D en matière d’analyse de data énergétique


Crew


Virginie
Steve Waterhouse
Patrick Mathieu
Damien Bancal
Guillaume Morissette


Crédits


Montage audio par Hackfest Communication
Music Space Kablooie - Open Source – Ego Killer
Locaux virtuels par 8x8